feat(container): update image ghcr.io/siderolabs/talosctl to v1.9.0

[robodexo2000]

This PR contains the following updates:

Package	Update	Change
ghcr.io/siderolabs/talosctl	minor	1.8.4 -> 1.9.0

---

Release Notes

siderolabs/talos (ghcr.io/siderolabs/talosctl)

v1.9.0

Compare Source

Welcome to the v1.9.0-alpha.3 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

AppArmor

Talos Linux starting with v1.9 will ship with SELinux LSM enabled by default.
If you need to use AppArmor LSM add the following to the machine configuration:

machine:
  install:
     extraKernelArgs:
      - -selinux
      - lsm=lockdown,capability,yama,apparmor,bpf
      - apparmor=1

Auditd

Talos Linux now starts a auditd service by default.
Logs can be read with talosctl logs auditd.

talosctl cgroups

The talosctl cgroups command has been added to the talosctl tool.
This command allows you to view the cgroup resource consumption and limits for a machine, e.g.
talosctl cgroups --preset memory.

Device Selectors

Talos now supports matching on permanent hardware (MAC) address of the network interfaces.
This is specifically useful to match bond members, as they change their hardware addresses when they become part of the bond.

Direct Rendering Manager (DRM)

Starting with Talos 1.9, the i915 and amdgpu DRM drivers will be dropped from the Talos squashfs.
There will be new system extensions named i915 and amdgpu that would contain both the drivers and firmware packaged together.
Upgrades via Image Factory will automatically include the new extensions if previously i915-ucode or amdgpu-firmware were used.

Registry Mirrors

In versions before Talos 1.9, there was a discrepancy between the way Talos itself and CRI plugin resolves registry mirrors:
Talos will never fall back to the default registry if endpoints are configured, while CRI plugin will.

Note: Talos Linux pulls images for the installer, kubelet, etcd, while all workload images are pulled by the CRI plugin.

In Talos 1.9 this was fixed, so that by default an upstream registry is used as a fallback in all cases, while new registry mirror
configuration option .skipFallback can be used to disable this behavior both for Talos and CRI plugin.

talosctl disks

The command talosctl disks was removed, please use talosctl get disks, talosctl get systemdisk, and talosctl get blockdevices instead.

talosctl wipe

The new command talosctl wipe disk allows to wipe a disk or a partition which is not used as a volume.

udevd

Talos previously used eudev to provide udevd, now it uses systemd-udevd instead.

Component Updates

• Linux: 6.6.60
• containerd: 2.0.0
• Flannel: 0.26.0
• Kubernetes: 1.32.0-beta.0
• runc: 1.2.1

Talos is built with Go 1.23.3.

User Namespaces

Talos Linux now supports running Kubernetes pods with user namespaces enabled.
Refer to the documentation for more information.

Contributors

• Andrey Smirnov
• Noel Georgi
• Dmitry Sharshakov
• Dmitriy Matrenichev
• Joakim Nohlgård
• Jean-Francois Roy
• Utku Ozdemir
• blablu
• Adolfo Ochagavía
• Alessio Moiso
• Dan Rue
• David Backeus
• Eddie Wang
• Florian Ströger
• Hexoplon
• Jakob Maležič
• KBAegis
• Mike Beaumont
• Nebula
• Nico Berlee
• OliviaBarrington
• Philip Schmid
• Philipp Kleber
• Remko Molier
• Robby Ciliberto
• Roman Ivanov
• Ryan Borstelmann
• Sam Stelfox
• Serge Logvinov
• Sergey Melnik
• Spencer Smith
• SpiReCZ
• Steven Cassamajor
• Steven Kreitzer
• Tim Jones
• Variant9
• adilTepe
• ekarlso
• naed3r
• nevermarine
• solidDoWant
• sophia-coldren

Changes

189 commits

• af5d6b8c41 fix: show SELinux labels on pseudo-fs
• f46922fa9a chore: fix dockerfile warnings
• a13f82c594 feat: udev: label device nodes
• e899fb37fd feat: label created files in /etc
• 5f68c17eda feat: implement image cache configuration
• 0ffb2187a3 feat: registry proxy
• 77cf84fb57 feat: support generating iso with imagecache
• 5de6275b8f chore: image cache generator improvements
• 1a8cc5f8b2 feat: add SELinux labels to volumes
• 61b9129e0c fix: add directory entries and filemode to tarball
• 4caeae21e5 refactor: optimize flags and SetLabel
• 6074a870ad feat: add e2fsprogs to talos rootfs
• 7ffcf5b932 docs: update getting started
• c4c1a0d7c7 fix: make vmware platform common code build on all arches
• cc768037f8 feat: implement block device wipe
• 6fb518ae57 fix: don't activate LVM volumes in agent mode
• 0e3ed30723 fix: no longer leak Close reader
• 4dc58cfdf3 chore: small fixes
• f400ae911b fix: small fixes for image cache generation
• 93754b7de6 fix: config and platform manifest generation
• 95b2fc946e feat: image cache gen
• e4c6186c63 chore: remove i915/amdgpu drivers
• 744ad12a6e docs: update replicated-local-storage-with-openebs.md
• fd713e4514 feat: add permanent hardware addr to device selectors
• d55a96e8cb refactor: remove SELinux client_u and client_r
• 3a5b55fd22 fix: allow CEL expressions config merge
• f1b15f580e chore: remove replace for safchain/ethtool
• f9697a9a07 fix: register controlplane node with NoSchedule taint
• 30f8b5a9f7 fix: registry mirror fallback handling
• 0f41e77434 feat: allow for onlink directive (nocloud)
• e26d0043e0 chore: code cleanup
• 43fe3807a8 feat: implement tracking of blockdevice secondaries
• 8a7476c3ae fix: install on non-empty disk
• 8b4253d185 feat: update etcd to v3.5.17
• 5a0fd5b882 refactor: move early initialization functions to pre-initialize phase
• 9916e2cd8a chore: update pkgs/tools/extras for Go 1.23.3
• 20bbf02355 docs: update vultr documentation
• aea98940b7 fix: arch linux search paths and names for QEMU provisioner
• 682718d4c9 fix: use imager incoming version for extension validation
• 9a02ecc49f feat: rewrite install disk selector to use CEL expressions
• eba35f4413 docs: add note about PSP in Rook-Ceph guide
• 38b80fb1da docs: add missing --talosconfig parameter to end of Hetzner guide
• a07f66c918 docs: gcp: fix controlplane nodes tags
• 4fe6dc8a0a chore: clean dns code
• 0290a38818 release(v1.9.0-alpha.2): prepare release
• a309f6aa57 chore: fix nil pointer dereference in AWS uploader
• 333737f176 test: fix unpriviliged process runner test
• 2001167058 chore(ci): save support zip always after tests
• 6a42c3b8ed release(v1.9.0-alpha.1): prepare release
• fb72e4b7b7 fix(ci): skip test if UserNamespacesSupport feature gate is not set
• 11380f933d feat: display current CPU frequency on dashboard
• fbce267aee feat: check bridged interfaces should not have addresses
• 942962bf00 docs: add docs on usernamespace support in k8s
• 0406a05a98 chore: update pkgs to ones built with gcc 14.2
• 2e127627dc docs: add apparmor enablement release notes
• aa9311f3d8 fix: install disk matcher error
• 1800f81044 fix: selinux handling and apparmor tests
• 313bffadfb feat: update Kubernetes to v1.32.0-beta.0
• bbfa144510 feat: update containerd to v2.0.0
• 8e02b9fcbf docs: update manual k8s upgrade docs
• 474949dc77 feat: add dm-cache dm-cache-smq kernel modules
• 5112547d6b chore: generate support zip for crashdump
• a867f85e4c feat: label system socket and runtime files
• 398f714cff feat: update Linux 6.6.59, runc 1.2.1
• 05c620957c feat: allow extra mounts for docker-based talosctl cluster create
• cedabeddf7 chore: cleanup code
• 61d363e1d0 chore: update go-auditlib
• 960a040491 feat: start enabling SELinux
• 7f3aaa21cd fix: update permissions for logging directories in /var
• 0e6c983b84 fix: mount /sys/kernel/security conditionally
• 74b0e8c371 fix: make route normalization keep family
• 0a3761c22f fix: talosctl windows arm64
• 4b10c5328b chore: add Windows ARM64 build for talosctl
• 9abf16108e feat: add auditd service
• d464ca869f chore: drop runc memfd bind added in #​9069
• b54d26c2c3 fix: mount pseudo sub-mountpoints in init
• 7aeb15f730 chore: disable coredns cache for cluster domain
• d8b652150c docs: add warning about NVMe bus path bug
• 3e16ab135e feat: update Kubernetes to v1.32.0-alpha.3
• 0b8b356777 feat: add BridgePort property to network machine configuration
• b379506259 fix: use more correct condition to skip generating hosts files
• 62ec7ec336 refactor: replace the old v1 mount package with new one
• 0ece13c623 docs: update network-config.md (cont)
• 93827f0485 docs: update network-config.md
• 423b1e5fb2 fix: do not trim 0 from process SELinux label
• 2136358d65 feat: introduce metal agent mode
• 0e15955fcc chore: small refactoring
• 66012a7f26 feat: remove wrapperd and launch processes directly
• 3a0a17ae66 fix: prevent panic in nocloud platform code
• dc0c6acbd7 refactor: remove unmaintained github.com/vishvananda/netlink
• 78353f7918 feat: add parsing of vlanNNNN:ethX style VLAN cmdline args
• 9db7a36bfc fix: generation of SecureBoot iso
• c755b6d7e4 fix: update the CRI sandbox image reference
• cec290b354 feat: allow extensions to log to console
• b7801df827 fix: wait for udevd to be running before activating LVM
• d4cb478a50 docs: improve field description for BridgeSTP, BridgeVLAN
• 7329824b24 docs: add Mynewsdesk to ADOPTERS.md
• a13cf76a34 chore: simplify DNSUpstreamController and DNSUpstream resource
• 62d185473e fix: talosctl process null character
• 77d7368eae feat: update containerd to v2.0.0-rc.6
• d39393879a fix: rework the 'metal-iso' config acquisition
• 1993afca9f chore: create /usr/etc in a different step
• 8680351c13 chore: move system extensions' udev rules
• 3067f64c84 feat: update Flannel to v0.26.0
• 8658d6865f docs: typo in deploying cilium
• 49bbadc4bf docs: add documentation on performance tuning
• 534b0ce183 feat: update runc to 1.2.0 final
• 2172535237 docs: fix image factory links
• 375e3da73f feat: update Kubernetes to 1.32.0-alpha.2
• 9e6f64df04 fix: improve error messages for invalid bridge/bond configuration
• 7c8c72c2b2 fix: correct error message for invalid ip=
• ead46997c9 chore: rename tpm2.PCRExtent -> tpm2.PCRExtend
• 867c4b8125 docs: fix typo in prodnotes.md
• 1b22df48a4 chore: support debug shell for advanced development
• c14b446229 feat: update Kubernetes to v1.32.0-alpha.1
• 29780d35a0 test: add an integration test for verifying process parameters
• 3d342af447 fix: update incorrect alias for PCIDevice resource
• f7d35a5e0b release(v1.9.0-alpha.0): prepare release
• e0434d77d7 feat: update dependencies
• 5c5a248861 feat: add Talos 1.9 compatibility guarantees
• bc4c21f41a test: add json logs test environment
• 71faa32942 docs: nvidia proprietary/oss hardware requirement
• 59a78da42c chore: add proto-codec/codec
• 7ff1cedfe3 chore: update siderolabs/crypto module and return proper ALPN
• ccbd5aed39 feat: optionally decode hcloud userdata as base64
• 34f652ce82 feat: add well-known app.kubernetes.io labels to control-plane pods
• fc89dc2164 fix: support extra-disks when using iso
• f2bff814de chore: add arm64 target for integration-test
• 5853bb0ea4 fix: json logging panic
• a859cff364 chore: use virtio driver for disks in arm64
• db248de88d chore(ci): add config for lldpd extension
• 9f0de9f43d test: update provision upgrade tests for Talos 1.9
• 39fe285e69 fix: skip ram disks
• a9bff3a1d0 test: skip no error test in Cilium
• 4d902021bb fix: do not use pflag csv comma reader for config-patch
• 5371788ce1 fix: typo in documentation
• 8a228ba6bc docs: add egress documentation
• 182325cb07 test: skip lvm test if not enough user disks available
• 519a48302e fix: wipe system partitions correctly via kernel args
• 0a2b4556c5 fix: volume encryption with failing keyslots
• 6affbd3182 fix: update grpc-go the latest patch release
• 77a4a4adc7 fix: scaleway metadata
• 7acadc0c8f fix: do not stop udevd before unmounting volumes
• 6a081055b0 feat: update Flannel to v0.25.7
• 2362f6d3ee fix: improve container detection
• b67bc73fd3 fix: fix mdadm system extension
• f08669c7a9 feat: bring in lpfc kernel module driver
• 6a014374be feat: enable QEDF driver
• f711907e03 fix: make /var/run empty on reboots
• 7d02eb60f4 docs: fix typo in CloudStack docs
• 74861573a7 fix: multiple fixes for LVM activation
• 74c12c20e0 feat: replace eudev with systemd-udevd
• 0a4df4ef84 docs: fix nvidia CRI config example
• afc1e1a46a docs: fix typo in extraMounts directory
• a341bdb064 fix: prevent file descriptors leaks to child processes
• dec653bfe1 chore: better lvm2 tests
• 908fd8789c feat: support cgroup deep analysis in talosctl
• aa846cc186 feat: add support for CI Network config in nocloud
• 10f2539f23 chore: disable cloud-images cron workflow
• b07a8b36b2 chore: ignore more plugins for system containerd
• 392c4798f0 feat: prepare for Talos 1.9
• ea7bf9fb43 docs: update storage.md
• 4ab8dee69a fix: build talosctl without tcell_minimal
• 2fa019bd97 docs: enable 'edit on GitHub' link
• d2ccbc2b15 docs: update hetzner documentation for CCM
• d498f647cd docs: fix Kernel Self Protection Project (KSPP) references
• 0ec75463ee docs: make Talos 1.8 current release
• 9b77698cf2 fix: update blockdevice library to v2.0.2
• e46227ab95 docs: fix kubespan name inconsistency
• 6b15ca19cd fix: audit and fix cgroup reservations
• 32b5d01ed3 chore: bump lvm2
• 6484581eb8 feat: allow /sbin/ldconfig in extensions
• 9fa08e8437 chore: refactor tests
• d8ab4981b6 feat: support lvm auto activation
• 8166a58b36 fix: filter out non-printable characters in process line
• 806b6aaf52 docs: add SECURITY.md
• 7bd26df308 docs: document /dev/net/tun compatibility
• 18daedb511 fix: strategic merge patch delete for map keys
• f3370529ac docs: correct typo
• 8d6884a8e2 test: add a test for inline machine config trusted roots
• d4a6d017db fix: ignore invalid NTP responses
• 869f8379f2 feat: update default Kubernetes version to 1.31.1
• 780a1f198a fix: update CoreDNS health check
• 79cd031588 chore: account for resource sorting in dns upstream resource
• e17fafaca2 chore: drop activateLogicalVolumes sequencer step
• a294b366f2 fix: parse SideroLink API endpoint correctly
• a9269ac7b1 fix: remove extra logging on ethtool ioctl failures
• 5c6277d171 feat: update etcd to 3.5.16
• c1ed2984b8 docs: add what's new for Talos 1.8

Changes since v1.9.0-alpha.2

44 commits

• af5d6b8c4 fix: show SELinux labels on pseudo-fs
• f46922fa9 chore: fix dockerfile warnings
• a13f82c59 feat: udev: label device nodes
• e899fb37f feat: label created files in /etc
• 5f68c17ed feat: implement image cache configuration
• 0ffb2187a feat: registry proxy
• 77cf84fb5 feat: support generating iso with imagecache
• 5de6275b8 chore: image cache generator improvements
• 1a8cc5f8b feat: add SELinux labels to volumes
• 61b9129e0 fix: add directory entries and filemode to tarball
• 4caeae21e refactor: optimize flags and SetLabel
• 6074a870a feat: add e2fsprogs to talos rootfs
• 7ffcf5b93 docs: update getting started
• c4c1a0d7c fix: make vmware platform common code build on all arches
• cc768037f feat: implement block device wipe
• 6fb518ae5 fix: don't activate LVM volumes in agent mode
• 0e3ed3072 fix: no longer leak Close reader
• 4dc58cfdf chore: small fixes
• f400ae911 fix: small fixes for image cache generation
• 93754b7de fix: config and platform manifest generation
• 95b2fc946 feat: image cache gen
• e4c6186c6 chore: remove i915/amdgpu drivers
• 744ad12a6 docs: update replicated-local-storage-with-openebs.md
• fd713e451 feat: add permanent hardware addr to device selectors
• d55a96e8c refactor: remove SELinux client_u and client_r
• 3a5b55fd2 fix: allow CEL expressions config merge
• f1b15f580 chore: remove replace for safchain/ethtool
• f9697a9a0 fix: register controlplane node with NoSchedule taint
• 30f8b5a9f fix: registry mirror fallback handling
• 0f41e7743 feat: allow for onlink directive (nocloud)
• e26d0043e chore: code cleanup
• 43fe3807a feat: implement tracking of blockdevice secondaries
• 8a7476c3a fix: install on non-empty disk
• 8b4253d18 feat: update etcd to v3.5.17
• 5a0fd5b88 refactor: move early initialization functions to pre-initialize phase
• 9916e2cd8 chore: update pkgs/tools/extras for Go 1.23.3
• 20bbf0235 docs: update vultr documentation
• aea98940b fix: arch linux search paths and names for QEMU provisioner
• 682718d4c fix: use imager incoming version for extension validation
• 9a02ecc49 feat: rewrite install disk selector to use CEL expressions
• eba35f441 docs: add note about PSP in Rook-Ceph guide
• 38b80fb1d docs: add missing --talosconfig parameter to end of Hetzner guide
• a07f66c91 docs: gcp: fix controlplane nodes tags
• 4fe6dc8a0 chore: clean dns code

Changes from siderolabs/crypto

1 commit

• 58b2f92 chore: use HTTP/2 ALPN by default

Changes from siderolabs/discovery-api

1 commit

• 005e92c chore: rekres and regen

Changes from siderolabs/discovery-client

1 commit

• b74fb90 fix: allow custom TLS config for the client

Changes from siderolabs/extras

3 commits

• 78ba66b feat: update Go to 1.23.3
• eab6e58 feat: update dependencies
• 1459d78 feat: update pkgs for 1.9

Changes from siderolabs/gen

3 commits

• e847d2a chore: add more utilities to xiter
• f3c5a2b chore: add Empty and Empty2 iterators
• c53b90b chore: add packages xiter/xstrings/xbytes

Changes from siderolabs/go-blockdevice

1 commit

• 134c41b fix: fast wipe also last 1MB of the device

Changes from siderolabs/go-circular

1 commit

• 9a0f7b0 fix: multiple data race issues

Changes from siderolabs/go-cmd

3 commits

• d735250 fix: return an error on process nonzero exit code
• 5662c7f feat: add an equivalent of WaitWrapper for os.Process
• 71fced6 chore: rekres and move to GHA

Changes from siderolabs/go-kubernetes

4 commits

• 0f62a7e feat: add one more deprecation/removal for v1.32
• 87d2e8e feat: add one more deprecation for 1.32.0-beta.0
• e56a7f6 fix: update deprecations based on Kubernetes 1.32.0-alpha.3
• 381f251 feat: update for Kubernetes 1.32

Changes from siderolabs/grpc-proxy

2 commits

• de1c628 fix: copy data from big frame msg
• ef47ec7 chore: upgrade Codec implementations and usages to Codec2

Changes from siderolabs/pkgs

46 commits

• a463a50 feat: add e2fsprogs
• bfd88f5 chore: fix make kernel-menuconfig completely
• cee356e chore: fix menuconfig build
• a5530cf feat: update Linux to 6.6.62, runc to 1.2.2
• ac329c9 feat: enable CONFIG_INTEL_HFI_THERMAL + CONFIG_INTEL_TURBO_MAX_3
• 567a14a fix: do not build unneeded utilities and man for SELinux libraries
• b15a3d9 feat: bump dependencies
• 6bdba41 feat: update Linux to 6.6.60
• 4699763 feat: update gcc to 14.2
• 9a98f73 feat: update containerd to v2.0.0
• 20e1e08 feat: enable CONFIG_DM_CACHE
• df45e16 feat: update Linux to 6.6.59
• 2e733cc feat: bump dependencies
• c92e123 fix: enable nvme and 2.5gbit ethernet on nanopi-r5s
• b160184 feat: update runc to v1.2.1
• e9950d9 chore: drop syslinux
• fc2e8dc feat: update containerd to v2.0.0-rc.6
• 38304a6 feat: update Linux to 6.6.58
• 84b8df8 chore: do not use /usr/etc/udev
• c9282c8 feat: update runc to 1.2.0
• 38ad08e fix: default IOMMU mode to 'lazy'
• be92da0 feat: update Linux to 6.6.57, update Linux firmware
• 0b67a13 feat: bump dependencies
• dd5f928 feat: update Linux 6.6.56 and protect /proc/mem
• b1bf972 feat: enable CONFIG_XFRM_STATISTICS
• c63beae feat: update Linux to 6.6.54
• f474a55 fix: libselinux: support running without /etc/selinux
• ba0341e fix: systemd-udevd: search for config in /usr/etc
• 2b193f1 feat: add lpfc kernel module
• 1adb946 feat: enable QEDF driver
• dbbe3d0 feat: update containerd to v2.0.0-rc.5
• f19590e feat: update Go to 1.23.2
• e2a561f fix: drop the LVM2 udev lvm rule
• ae205aa fix: force LVM to use /run as state directory
• 232a153 feat: replace eudev with systemd-udevd
• 40fb82a feat: add libselinux, libsepol, pcre2 and libcap
• 6f40fbb feat: update xfsprogs 6.10.1
• a1709c7 feat: enable module unloading and memory hotplug (for NVIDIA UVM)
• 2c5785b feat: enable transparent huge pages in madvise mode
• ca2e8c8 fix: lvm2 modprobe path
• 6b334a6 feat: update Linux to 6.6.52
• e90ae7e feat: update Linux firmware to 2024090
• 79a4f92 feat: enable INET_DIAG
• c9f7eb9 feat: update Linux to 6.6.51
• 126b6a4 fix: add mpt3sas UBSAN patches
• a09bf93 chore: drop UBSAN patch

Changes from siderolabs/proto-codec

3 commits

• 0d84c65 chore: add support for gogo protobuf generator
• 19f8d2e chore: add kres
• e038bb4 Initial commit

Changes from siderolabs/siderolink

1 commit

• 1893385 fix: initialize tls listener properly

Changes from siderolabs/tools

10 commits

• e061b6f feat: update dependencies
• 2704b85 feat: update Go to 1.23.3
• 3750064 fix: update for musl with close_range
• 0a443c6 feat: update toolchain for gcc 14.2
• 63ecd80 feat: bump depedendencies
• 2058296 feat: bump dependencies
• 1151610 feat: update Go to 1.23.2
• 9f2189b fix: bump gettext-tiny to the latest dev version
• 95069d6 feat: update Go to 1.23.1
• eec0656 feat: replace gettext with gettext-tiny

Dependency Changes

• cloud.google.com/go/compute/metadata v0.5.0 -> v0.5.2
• github.com/Azure/azure-sdk-for-go/sdk/azcore v1.13.0 -> v1.16.0
• github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 -> v1.8.0
• github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azcertificates v1.1.0 -> v1.3.0
• github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.1.0 -> v1.3.0
• github.com/aws/aws-sdk-go-v2/config v1.27.33 -> v1.28.3
• github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.13 -> v1.16.19
• github.com/aws/aws-sdk-go-v2/service/kms v1.35.7 -> v1.37.5
• github.com/aws/smithy-go v1.20.4 -> v1.22.0
• github.com/containerd/containerd/api v1.8.0-rc.3 -> v1.8.0
• github.com/containerd/containerd/v2 v2.0.0-rc.4 -> v2.0.0
• github.com/containerd/errdefs v0.1.0 -> v1.0.0
• github.com/containerd/platforms v0.2.1 -> v1.0.0-rc.0
• github.com/containerd/typeurl/v2 v2.2.0 -> v2.2.3
• github.com/containernetworking/plugins v1.5.1 -> v1.6.0
• github.com/cosi-project/runtime v0.5.5 -> v0.7.1
• github.com/docker/cli v27.3.1 new
• github.com/docker/docker v27.2.0 -> v27.3.1
• github.com/elastic/go-libaudit/v2 v2.6.0 new
• github.com/fatih/color v1.17.0 -> v1.18.0
• github.com/florianl/go-tc v0.4.4 new
• github.com/foxboron/go-uefi e2076f0 -> fab4fdf
• github.com/fsnotify/fsnotify v1.7.0 -> v1.8.0
• github.com/google/cadvisor v0.50.0 -> v0.51.0
• github.com/google/cel-go v0.22.0 new
• github.com/gopacket/gopacket v1.2.0 -> v1.3.1
• github.com/hetznercloud/hcloud-go/v2 v2.13.1 -> v2.16.0
• github.com/klauspost/compress v1.17.9 -> v1.17.11
• github.com/klauspost/cpuid/v2 v2.2.8 -> v2.2.9
• github.com/linode/go-metadata v0.2.0 -> v0.2.1
• github.com/mdlayher/ethtool v0.1.0 -> v0.2.0
• github.com/opencontainers/runc v1.2.0-rc.3 -> v1.2.1
• github.com/rivo/tview fd649db -> c76f787
• github.com/safchain/ethtool v0.4.1 -> 4e3aff4
• github.com/siderolabs/crypto v0.4.4 -> v0.5.0
• github.com/siderolabs/discovery-api v0.1.4 -> v0.1.5
• github.com/siderolabs/discovery-client v0.1.9 -> v0.1.10
• github.com/siderolabs/extras v1.8.0 -> v1.9.0-alpha.0-2-g78ba66b
• github.com/siderolabs/gen v0.5.0 -> v0.7.0
• github.com/siderolabs/go-blockdevice v0.4.7 -> v0.4.8
• github.com/siderolabs/go-blockdevice/v2 v2.0.2 -> v2.0.6
• github.com/siderolabs/go-circular v0.2.0 -> v0.2.1
• github.com/siderolabs/go-cmd v0.1.1 -> v0.1.3
• github.com/siderolabs/go-kubernetes v0.2.12 -> v0.2.16
• github.com/siderolabs/grpc-proxy v0.4.1 -> v0.5.1
• github.com/siderolabs/pkgs v1.8.0-8-gdf1a1a5 -> v1.9.0-alpha.0-45-ga463a50
• github.com/siderolabs/proto-codec v0.1.1 new
• github.com/siderolabs/siderolink v0.3.10 -> v0.3.11
• github.com/siderolabs/talos/pkg/machinery v1.8.0 -> v1.9.0-alpha.2
• github.com/siderolabs/tools v1.8.0-1-ga0c06c6 -> v1.9.0-alpha.0-9-ge061b6f
• github.com/thejerf/suture/v4 v4.0.5 new
• go.etcd.io/etcd/api/v3 v3.5.16 -> v3.5.17
• **go.etcd.io/etcd/client/pkg/v

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.